PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
(ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER
(IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS
SUBJECT: SUN SECURITY PATCHES AND SOFTWARE UPDATES (AUTOMATED SYSTEM
SECURITY INCIDENT SUPPORT TEAM (ASSIST) BULLETIN 93-XX).
1. SUN MICROSYSTEMS HAS RELEASED INFORMATION REGARDING THE
AVAILABILITY OF NEW AND UPDATED SECURITY PATCHES FOR THE SUNOS
OPERATING SYSTEM. SUN MICROSYSTEMS HAS ALSO ANNOUNCED THE
AVAILABILITY OF NEW VERSIONS OF ITS DECNET INTERFACE (DNI) AND PC-NFS
SOFTWARE PACKAGES THAT CORRECT SECURITY VULNERABILITIES OF PREVIOUS
RELEASES. SUN SECURITY PATCHES ARE AVAILABLE THROUGH YOUR LOCAL SUN
ANSWER CENTER AND VIA ANONYMOUS FTP. IN THE U.S., FTP TO FTP.UU.NET
AND RETRIEVE THE PATCHES FROM THE /SYSTEMS/SUN/SUN-DIST DIRECTORY.
IN EUROPE, FTP TO MCSUN.EU.NET AND RETRIEVE THE PATCHES FROM THE
/SUN/FIXES DIRECTORY. THE PATCHES ARE CONTAINED IN COMPRESSED
TARFILES NAMED [PATCH].TAR.Z. FOR EXAMPLE, IF YOU WISH TO OBTAIN
PATCH 100891-01, THE CORRESPONDING COMPRESSED TARFILE WOULD BE NAMED
100891-01.TAR.Z. EACH COMPRESSED TARFILE HAS BEEN CHECKSUMMED USING
THE SUNOS "SUM" COMMAND. AFTER RETRIEVING EACH PATCH, THE CHECKSUM
SHOULD BE RECOMPUTED AND COMPARED TO THOSE LISTED IN THIS BULLETIN.
IF YOU FIND THAT THE CHECKSUM FOR A PATCH DIFFERS FROM THOSE LISTED
BELOW, PLEASE CONTACT SUN MICROSYSTEMS OR ASSIST FOR CONFIRMATION
BEFORE USING THE PATCH. TO INSTALL THE PATCHES, FOLLOW THE
INSTRUCTIONS CONTAINED IN THE README FILES THAT ACCOMPANY EACH PATCH.
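The check described in this paragraph (recompute the sum(1) checksum of each retrieved tarfile and compare it with the bulletin) can be automated. The following Python script is an added example and is not part of the ASSIST bulletin or of Sun's patch tooling. It implements the 16-bit rotating checksum used by BSD-derived sum(1) (the same algorithm GNU coreutils computes with "sum -r"), parses expected values out of lines in the bulletin's own table format, and reports OK, MISSING or MISMATCH for each <patch>.tar.Z in a directory. The 512-byte block size used for the block count is an assumption; the 16-bit checksum is the value that matters. The file names, directory and file contents in demo() are constructed for the demonstration.

```python
# Added example (not part of the ASSIST bulletin): recompute the SunOS
# sum(1)-style checksum of retrieved patch tarfiles and compare them with
# the values listed in the bulletin before anything is installed.
import os
import re
import tempfile

# Assumption: the block count printed by SunOS sum(1) is in 512-byte blocks.
# The 16-bit checksum is the value that matters; change this if your sum(1)
# reports 1024-byte blocks.
BLOCK_SIZE = 512

# Lines in the bulletin's table format; the numbers are the ones the
# bulletin lists for these three patches.
BULLETIN_EXCERPT = """\
PATCH CHECKSUM SUNOS VERSIONS
----- -------- --------------
100891-01 33195 3075 4.1.3
LIBC REPLACEMENT - CORRECTS INSECURE HANDLING OF NETGROUPS
100884-01 03775 2610 5.1 (SOLARIS 2.1)
100448-01 29285 5 4.1.1, 4.1.2, 4.1.3
"""

# patch id, checksum, block count at the start of a table line
PATCH_LINE = re.compile(r"^(\d{6}-\d{2})\s+(\d{1,5})\s+(\d+)\b")


def bsd_sum(data: bytes) -> int:
    """16-bit rotating checksum of BSD/SunOS sum(1) (same as GNU 'sum -r')."""
    checksum = 0
    for byte in data:
        # rotate the running sum right by one bit, then add the next byte
        checksum = (checksum >> 1) + ((checksum & 1) << 15)
        checksum = (checksum + byte) & 0xFFFF
    return checksum


def sum_file(path: str):
    """Return (checksum, block count) the way sum(1) prints them."""
    with open(path, "rb") as fh:
        data = fh.read()
    blocks = (len(data) + BLOCK_SIZE - 1) // BLOCK_SIZE
    return bsd_sum(data), blocks


def parse_bulletin_table(text: str) -> dict:
    """Map patch id -> (checksum, blocks) from bulletin table lines."""
    expected = {}
    for line in text.splitlines():
        m = PATCH_LINE.match(line.strip())
        if m:
            expected[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return expected


def verify_patches(directory: str, expected: dict) -> dict:
    """Check every <patch>.tar.Z in directory against the expected table."""
    results = {}
    for patch, (want_sum, want_blocks) in sorted(expected.items()):
        path = os.path.join(directory, f"{patch}.tar.Z")
        if not os.path.exists(path):
            results[patch] = "MISSING"
            continue
        got_sum, got_blocks = sum_file(path)
        if (got_sum, got_blocks) == (want_sum, want_blocks):
            results[patch] = "OK"
        else:
            # Per the bulletin: do not use the patch; confirm with Sun or ASSIST.
            results[patch] = (f"MISMATCH: got {got_sum:05d} {got_blocks}, "
                              f"expected {want_sum:05d} {want_blocks}")
    return results


def demo() -> dict:
    """Constructed demonstration with tiny stand-in files in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "100891-01.tar.Z"), "wb") as fh:
            fh.write(b"abc")            # constructed stand-in: sum 16556, 1 block
        with open(os.path.join(d, "100833-02.tar.Z"), "wb") as fh:
            fh.write(b"abd")            # constructed: one byte differs
        expected = {
            "100891-01": (16556, 1),    # matches the stand-in file
            "100833-02": (16556, 1),    # listed value does not match the file
            "100884-01": (3775, 2610),  # bulletin value, file not retrieved
        }
        return verify_patches(d, expected)


if __name__ == "__main__":
    for patch, status in demo().items():
        print(f"{patch}: {status}")
```

On a real system, feed parse_bulletin_table() the text of paragraphs 2 and 3 and point verify_patches() at the directory the tarfiles were retrieved into; any MISMATCH means the patch is not to be unpacked until Sun or ASSIST has confirmed the correct checksum.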
2. THE FOLLOWING PATCHES ARE EITHER NEW SECURITY PATCHES OR NEW
VERSIONS OF EXISTING PATCHES THAT PROVIDE ADDITIONAL SECURITY
FEATURES OR SUPPORT ADDITIONAL SUN PLATFORMS. ASSIST STRONGLY
RECOMMENDS THE INSTALLATION OF ALL APPLICABLE SECURITY PATCHES ON DOD
INTEREST COMPUTER SYSTEMS.
PATCH      CHECKSUM    SUNOS VERSIONS
-----      --------    --------------
100891-01  33195 3075  4.1.3
           LIBC REPLACEMENT - CORRECTS INSECURE HANDLING OF NETGROUPS
           AND FIXES A BUG IN XLOCK THAT COULD CAUSE IT TO CRASH AND
           LEAVE THE SYSTEM UNPROTECTED.
100884-01  03775 2610  5.1 (SOLARIS 2.1)
           CLOSES SECURITY VULNERABILITY WITH THE SRMMU WINDOW
           HANDLER.
100833-02  49753 155   5.1 (SOLARIS 2.1)
           REQUIRED FOR USE OF SUN'S UNBUNDLED BASIC SECURITY MODULE
           (BSM) WITH SOLARIS 2.1.
100623-03  56063 141   4.1.2, 4.1.3
           UFS JUMBO PATCH - NON-RANDOM FILE HANDLES CAN BE GUESSED.
           THIS PATCH SHOULD BE APPLIED AFTER THE MOST RECENT VERSION
           OF 100173.
100448-01  29285 5     4.1.1, 4.1.2, 4.1.3
           OPENWINDOWS 3.0 LOADMODULE PATCH - THIS RELEASE ADDS
           SUPPORT FOR SUNOS 4.1.3. SITES RUNNING SUNOS 4.1.1 OR
           4.1.2 DO NOT NEED TO INSTALL THIS PATCH AGAIN IF IT WAS
           PREVIOUSLY INSTALLED.
100305-11  38582 500   4.1, 4.1.1, 4.1.2, 4.1.3
           THIS PATCH FIXES INCORRECT USER ID CHECKING IN
           /USR/UCB/LPR.
100121-09  57589 360   4.1
           NFS JUMBO PATCH - THIS PATCH ADDS SUPPORT FOR SUN4E
           ARCHITECTURES. OTHER ARCHITECTURES NEED NOT REINSTALL
           THE PATCH IF A PREVIOUS VERSION WAS INSTALLED.
3. THE FOLLOWING SECURITY PATCHES HAVE BEEN UPDATED WITH
NON-SECURITY RELATED ENHANCEMENTS. SYSTEMS WITH PREVIOUS VERSIONS OF
THESE PATCHES ALREADY INSTALLED DO NOT NEED TO INSTALL THE NEW
VERSIONS UNLESS THE ADDITIONAL NON-SECURITY RELATED ENHANCEMENTS ARE
DESIRED.
PATCH      CHECKSUM    SUNOS VERSIONS
-----      --------    --------------
100513-02  34315 483   4.1, 4.1.1, 4.1.2, 4.1.3
           JUMBO TTY PATCH - THIS RELEASE FIXES A TTY BUG THAT CAN
           CAUSE SYSTEM CRASHES. PREVIOUS RELEASES CORRECTED A
           VULNERABILITY THAT ALLOWED CONSOLE INPUT AND OUTPUT
           TO BE REDIRECTED.
100482-04  06594 342   4.1, 4.1.1, 4.1.2, 4.1.3
           YPSERV AND YPXFRD SECURITY PATCH - CORRECTS INCORRECT
           DNS LOOKUP FAILURES WHEN A HOST IS UP BUT HAS NO
           NAMESERVER RUNNING. PREVIOUS RELEASES OF THIS PATCH
           CORRECTED A CONDITION THAT ALLOWED NIS TO DISTRIBUTE MAPS,
           INCLUDING THE PASSWORD MAP, TO ANYONE. NOTE: THE
           /VAR/YP/SECURENETS CONFIGURATION FILE CANNOT CONTAIN BLANK
           LINES.
100452-28  07299 1688  4.1, 4.1.1, 4.1.2, 4.1.3
           XVIEW 3.0 JUMBO PATCH - THIS RELEASE FIXES SEVERAL
           OPENWINDOWS AND XVIEW BUGS, INCLUDING PROBLEMS WITH
           MAILTOOL AND FILEMGR. PREVIOUS RELEASES CORRECTED A
           PROBLEM WITH CMDTOOL THAT ALLOWED THE DISCLOSURE OF
           PASSWORDS.
100383-06  58984 121   4.0.3, 4.1, 4.1.1, 4.1.2, 4.1.3
           RDIST PATCH - THIS RELEASE ALLOWS /USR/UCB/RDIST TO
           TRANSFER HARD LINKED FILES. PREVIOUS RELEASES OF THIS
           PATCH CORRECTED A BUG THAT ALLOWED USERS TO GAIN ROOT
           ACCESS.
100224-06  57647 54    4.1.1, 4.1.2, 4.1.3
           /BIN/MAIL JUMBO PATCH - THIS RELEASE CORRECTS A PROBLEM
           THAT CAUSED /BIN/MAIL TO CRASH. PREVIOUS RELEASES
           CORRECTED A PROBLEM THAT ALLOWED /BIN/MAIL TO BE USED TO
           INVOKE A ROOT SHELL.
100173-10  48086 788   4.1.1, 4.1.2, 4.1.3
           NFS JUMBO PATCH - THIS RELEASE CORRECTS POOR NFS WRITE
           APPEND PERFORMANCE. PREVIOUS VERSIONS OF THIS PATCH
           CORRECTED A BUG WITH THE HANDLING OF SETUID PROGRAMS
           COPIED TO NFS FILE SYSTEMS.
4. VERSIONS OF SUN'S DNI PRODUCT PRIOR TO 7.0.1 ARE KNOWN TO HAVE
TWO SECURITY VULNERABILITIES:
- DNI_RC_INS CREATES AN RC SCRIPT WITH WORLD WRITABLE PERMISSIONS.
- FILES COPIED TO VAX/VMS SYSTEMS USING DNICP ARE ASSIGNED
INCORRECT PERMISSIONS.
TO CLOSE THE VULNERABILITIES, SUN RECOMMENDS THAT YOU UPGRADE TO DNI
VERSION 7.0.1. SUN HAS DISTRIBUTED THE UPGRADE FREE OF CHARGE TO ALL
CUSTOMERS WITH A DNI SUPPORT CONTRACT. THOSE CUSTOMERS NOT ON
SOFTWARE SUPPORT SHOULD OBTAIN THE UPGRADE THROUGH THEIR STANDARD SUN
SALES CHANNELS.
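The first DNI problem above is a world-writable startup script: anything run at boot as root that other users can edit. Until the upgrade is installed, a site can at least detect and correct any file of that kind among its rc scripts. The following Python script is an added example, not part of the ASSIST bulletin or of Sun's DNI product; it walks a directory, lists regular files with the other-write bit set, and clears that bit. The directory and file names in demo() (including "rc.dni") are constructed for the demonstration and are not the name dni_rc_ins actually creates.

```python
# Added example (not part of the ASSIST bulletin): find and correct
# world-writable files among startup (rc) scripts, the class of
# misconfiguration described for dni_rc_ins.
import os
import stat
import tempfile


def world_writable_files(directory: str) -> list:
    """Sorted relative paths of regular files with the other-write bit set."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.append(os.path.relpath(path, directory))
    return sorted(findings)


def fix_world_writable(directory: str) -> list:
    """Clear the other-write bit on every finding; return what was changed."""
    fixed = []
    for rel in world_writable_files(directory):
        path = os.path.join(directory, rel)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IWOTH)
        fixed.append(rel)
    return fixed


def demo() -> tuple:
    """Constructed demonstration: a temp directory with one bad rc script."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "rc.local")
        bad = os.path.join(d, "rc.dni")  # hypothetical name, constructed
        for path in (good, bad):
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")  # constructed contents
        os.chmod(good, 0o755)
        os.chmod(bad, 0o777)            # the dni_rc_ins-style mistake
        before = world_writable_files(d)
        fix_world_writable(d)
        after = world_writable_files(d)
        return before, after


if __name__ == "__main__":
    found, remaining = demo()
    print("world-writable before:", found)
    print("world-writable after: ", remaining)
```

Run world_writable_files() against the directory holding your rc scripts (for example /etc on SunOS 4.x) as a recurring check, since the generated script is recreated by the installer; the upgrade to DNI 7.0.1 remains the actual fix.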
5. THE PC-NFS PRINTING AND AUTHENTICATION DAEMON PCNFSD ALLOWS
UNAUTHORIZED ACCESS TO THE SYSTEM. IT IS RECOMMENDED THAT SITES WITH
PCNFSD INSTALLED UPGRADE TO THE LATEST VERSION. THE LATEST VERSION
OF PCNFSD MAY BE OBTAINED FREE OF CHARGE VIA ANONYMOUS FTP FROM
BCM.TMC.EDU IN THE /PCNFS DIRECTORY AND FROM SRC.DOC.IC.AC.UK IN THE
/PUB/SUN/PC-NFS DIRECTORY IN A FILE NAMED PCNFSD.93.02.16.TAR.Z.
6. POINT OF CONTACT: ASSIST POINT OF CONTACT FOR THIS MATTER IS
PETE HAMMES, COMM (703) 696-1924/5/6 OR DSN 226-1924/5/6. ASSIST CAN
BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (800) SKY-PAGE
(800-759-7243), PIN NUMBER 2133937. WHEN CALLING THE PAGER SERVICE,
FOLLOW THE AUTOMATED VOICE INSTRUCTIONS AND ENTER THE CALL BACK
NUMBER AFTER THE PROMPT. THE ASSIST DUTY OFFICER WILL CALL YOU BACK
WITHIN 30 MINUTES. IF FASTER SERVICE IS REQUIRED, PREFIX YOUR
TELEPHONE NUMBER WITH "999", AND THE ASSIST DUTY OFFICER WILL CALL
BACK WITHIN 5 MINUTES. ASSIST CAN BE REACHED VIA E-MAIL AT
"DOD-CERT(AT-SIGN)DDN-CONUS.DDN.MIL".
BT